Government updates guidance on data protection law in event of no-deal

By Deborah Ritchie

The government has updated its guidance detailing amendments to UK data protection law in the event that the UK leaves the EU without a deal. The EU (Withdrawal) Act 2018 (EUWA) retains the GDPR in UK law. The fundamental principles, obligations and rights that organisations and data subjects have become familiar with will stay the same.

To ensure the UK data protection framework continues to operate effectively when the UK is no longer an EU Member State, the government said it will make “appropriate changes” to the GDPR and the Data Protection Act 2018, details of which are due to be published in the next few weeks.

Simply put, the vast majority of the changes will involve removing references to EU institutions and procedures that will not be directly relevant when the UK is outside the EU. They will be replaced with terms that make sense in a UK context. For example, in general, references to “Union or Member State law” will instead be read as “domestic law”; while references to some decisions made by the EU Commission will be replaced with references to decisions made by the UK government, and so on.


Appropriate changes (Source: Department for Digital, Culture, Media & Sport)

DCMS says these regulations, in the event of a no-deal, would:

• preserve EU GDPR standards in domestic law;

• transitionally recognise all EEA countries (including EU Member States) and Gibraltar as ‘adequate’ to allow data flows from the UK to Europe to continue;

• preserve the effect of existing EU adequacy decisions on a transitional basis;

• recognise EU Standard Contractual Clauses (SCCs) in UK law and give the ICO the power to issue new clauses;

• recognise Binding Corporate Rules (BCRs) authorised before Exit day;

• maintain the extraterritorial scope of the UK data protection framework; and

• oblige non-UK controllers who are subject to the UK data protection framework to appoint representatives in the UK if they are processing UK data on a large scale.

Detailed guidance, such that is currently available, can be obtained here: https://www.gov.uk/government/publications/data-protection-law-eu-exit/amendments-to-uk-data-protection-law-in-the-event-the-uk-leaves-the-eu-without-a-deal-on-29-march-2019

    Share Story:

Recent Stories

FOI request reveals primary data breach drivers

Florida braces for major hurricane Dorian

Capsicum Re and Swiss Re launch cyber reinsurance solution




Download the latest
digital edition of
CIR Magazine


© 2019 Perspective Publishing     Privacy & Cookies